Americas

  • United States

Asia

Oceania

mhill
UK Editor

HP CISO Joanna Burkey: Securing remote workers requires a collaborative approach

Feature
Sep 16, 20214 mins
CSO and CISORemote Work

New research finds 91% of IT teams feel pressure to compromise cybersecurity for WFH business continuity. HP CISO Joanna Burkey urges security leaders to tackle workforce IT conflicts to secure the remote and hybrid workplace.

Joanna Burkey, CISO, HP
Credit: HP

Tensions between IT teams and employees working from home threaten the security of organizations, with attempts to increase or update security for remote working regularly rebuffed in the name of business continuity. HP Inc. CISO Joanna Burkey believes security leaders must address these frictions to secure the future of the hybrid workplace. Speaking to CSO, she reflects on her experience with such issues and offers best practices for dealing with them.

IT conflicts create remote working cybersecurity risks

A new HP report, Rebellions & Rejections, combines data from a global YouGov online survey of 8,443 office workers who shifted to working from home due to the COVID-19 pandemic, and a global survey of 1,100 IT decision makers. It revealed that almost all (91%) IT teams have felt pressure to compromise security for business continuity as remote and hybrid working has taken hold, while 76% believe security has taken a back seat during the pandemic. As a result, 83% of IT teams say the increase in home workers has created a “ticking time bomb” for a corporate network breach. “This new report shows that while cyberattacks have become more sophisticated, the workforce has become less compliant, thus making it harder to defend the business,” Burkey says.

Other findings from the report further bear this out, particularly among younger workers. More than half of remote working 18- to 24-year-olds are more concerned with meeting deadlines than exposing the business to a data breach, with almost a third admitted to trying to bypass corporate security policies to get their work done.

Exacerbating matters are frictions between IT teams and the wider workforce regarding efforts to improve the security of remote working. As many as 80% of IT teams admitted to experiencing pushback from users who do not like controls being put on them at home, with 67% facing weekly complaints about this issue. Setting and enforcing corporate policies around cybersecurity is now impossible as the lines between personal and professional lives are so blurred, say 83% of IT teams. Perhaps most damningly, 80% of IT teams consider ensuring security a thankless task, with 69% burdened with feeling like the “bad guys” for trying to impose restrictions.

CISOs must address IT tensions to secure remote working

Burkey says it falls to security leaders to address the tensions between IT teams and remote workers to secure the future of remote and hybrid working. “It’s vital that any tension is addressed as otherwise it’s another chink in the armor, making you more vulnerable to attack. Security leaders play a key role in addressing tensions and making security something everyone can buy into, not just something they are told to do.”

She admits that, given the difficulty and uncertainty when working alone from home, it’s understandable that security can feel frustrating for users and that IT teams can seem like the bad guys, or that compromises must be made. However, CISOs must reassess security approaches, providing teams and employees with the best security and support for the hybrid workplace. “That means that what worked before might no longer,” Burkey says. “I believe that the organizations that best adapt to change instead of fighting the inevitable will come out on top, but this process isn’t painless, and will need strong leadership and communication to succeed.

Driving change to address tensions requires a more collaborative approach to security culture, one that sees security teams listening more to end users and understanding how policies and security technologies can impact workflows and productivity. “Building these bridges will help spread the burden of security, with end-users taking on more accountability,” says Burkey. To build those bridges, she suggests:

  • Open lines of communications with end users to help inform policy decisions.
  • Make adjustments such as providing the rationale behind a security decision or seeking user input before deploying new policies. “[This] can change hearts and minds.”
  • Seek out new levels of endpoint protection that offer advanced remote management while being as unobtrusive as possible to avoid end-users trying to circumvent it.

“By building collaborative security partnerships across the workforce, cybersecurity will start to become a cultural cornerstone,” says Burkey. If CISOs fail to turn such strained relationships between security teams and employees into partnerships that drive success, then friction and risk will only escalate, she says. “IT teams are facing an increasing level of threat from ransomware, firmware attacks against PCs and printers, and exploited vulnerabilities now people are working from home, so it’s no wonder 83% [of IT teams] believe this has created a ticking time bomb for a breach.”

mhill
UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author